<?php
require_once("Validator.php");

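/**
 * Validator that rejects single-line field values containing line breaks,
 * so that the value cannot add extra header lines when it is later placed
 * in the headers of an outgoing e-mail.
 */
class EmailHeaderInjectionValidator extends Validator {

	/**
	 * Forwards all three arguments unchanged to the parent Validator constructor.
	 *
	 * @param mixed $fieldName    name of the form field being validated
	 * @param mixed $value        submitted value to inspect
	 * @param mixed $errorMessage message attached to the ValidationError on failure
	 */
	public function __construct($fieldName, $value, $errorMessage) {
		parent::__construct($fieldName, $value, $errorMessage);
	}

	/**
	 * Checks the value for e-mail header injection.
	 *
	 * In this context, the attacker's goal is to send anonymous e-mails to
	 * other recipients. Numerous additional fields can be specified in the
	 * mail headers (see RFC 822), for example 'Cc' (Carbon Copy) or
	 * 'Bcc' (Blind Carbon Copy), and each one starts on a new header line.
	 *
	 * Any input expected from a single-line text field can therefore simply
	 * be refused if it contains a newline character. The check covers raw
	 * CR and LF characters and their URL-encoded forms (%0A, %0D, in any
	 * letter case).
	 *
	 * The check fails closed: a value that cannot be inspected as a string
	 * (array, non-stringable object, resource) and a PCRE failure are both
	 * reported as errors instead of being accepted.
	 *
	 * NOTE(review): only the encodings listed above are recognised, so run
	 * this validator on the value in exactly the form that is later written
	 * into the mail headers.
	 *
	 * @return ValidationError|null null if the field is valid, a
	 *         ValidationError if an injection attempt is detected or the
	 *         value cannot be checked
	 */
	public function validate() {
		$subject = $this->value;

		// preg_match() cannot inspect arrays, resources or objects without
		// __toString(); depending on the PHP version it returns false or
		// throws. Refuse such values explicitly rather than accept them.
		$inspectable = $subject === null
			|| is_scalar($subject)
			|| (is_object($subject) && method_exists($subject, '__toString'));

		if (!$inspectable) {
			// NOTE(review): ValidationError receives the raw, non-string
			// value here - confirm that its constructor tolerates it.
			return new ValidationError($this->fieldName, $this->value,
									   $this->errorMessage);
		}

		$result = preg_match("/(%0A|%0D|\\n+|\\r+)/i", (string) $subject);

		// 1 means a line break was found; false means PCRE could not run the
		// check. Only an explicit 0 (no match) counts as a valid value.
		if ($result !== 0) {
			return new ValidationError($this->fieldName, $this->value,
									   $this->errorMessage);
		}

		return null;
	}
}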

?>